Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3774 | 1 Bishop Bettini | 1 Phpesp | 2017-08-28 | 5.0 MEDIUM | N/A |
| php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files. | |||||
| CVE-2011-3775 | 1 Litoweb | 1 Phpfilenavigator | 2017-08-28 | 5.0 MEDIUM | N/A |
| PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other files. | |||||
| CVE-2011-3776 | 1 Musawir Ali | 1 Phpformgenerator | 2017-08-28 | 5.0 MEDIUM | N/A |
| phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php. | |||||
| CVE-2011-3777 | 1 Phpfreechat | 1 Phpfreechat | 2017-08-28 | 5.0 MEDIUM | N/A |
| phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files. | |||||
| CVE-2011-3778 | 1 Phpgedview | 1 Phpgedview | 2017-08-28 | 5.0 MEDIUM | N/A |
| PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files. | |||||
| CVE-2011-3829 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-28 | 4.0 MEDIUM | N/A |
| ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | |||||
| CVE-2011-3830 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter. | |||||
| CVE-2011-3831 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name. | |||||
| CVE-2011-3832 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-28 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action. | |||||
| CVE-2011-3833 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-28 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2011-3835 | 1 Wuzly | 1 Wuzly | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter to extension_settings.php, (6) q parameter to search.php, (7) type parameter to comments.php, sort parameter to (8) pages.php and (9) posts.php, and the (10) type and (11) q parameter to media.php in admin/; the sidebar parameter to (12) add_widget.php and (13) widgets.php, id parameter to (14) category_delete.php, (15) comment.php, (16) page_delete.php, and (17) post_delete.php, (18) type parameter to media.php, and (19) id and (20) sidebar parameter to widget_delete.php in mobile/; and the (21) name, (22) email, (23) website, and (24) comment parameters to index.php; and the (25) username parameter to admin/login.php. | |||||
| CVE-2011-3836 | 1 Wuzly | 1 Wuzly | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors. | |||||
| CVE-2011-3837 | 1 Wuzly | 1 Wuzly | 2017-08-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php. | |||||
| CVE-2011-3838 | 1 Wuzly | 1 Wuzly | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php. | |||||
| CVE-2011-3839 | 1 Wuzly | 1 Wuzly | 2017-08-28 | 7.5 HIGH | N/A |
| The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie. | |||||
| CVE-2011-3975 | 2 Google, Htc | 4 Android, Evo 3d, Evo 4g and 1 more | 2017-08-28 | 2.6 LOW | N/A |
| A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. | |||||
| CVE-2011-3976 | 1 Ammsoft | 1 Scriptftp | 2017-08-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script. | |||||
| CVE-2011-3980 | 2 Jerome Schneider, Typo3 | 2 Ameos Dragndropupload, Typo3 | 2017-08-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. | |||||
| CVE-2011-3981 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2017-08-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2011-3982 | 1 Ibm | 1 Aix | 2017-08-28 | 2.1 LOW | N/A |
| The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs. | |||||